The CImg library uses an unsafe pattern to calculate memory allocation sizes. At least in the PNM file format parser, an attacker can trivially supply width/height fields that overflow the heap and result in arbitrary heap writes. This probably also affects other file parsers in CImg.
The most prominent user of CImg is gmic.
The issue is public and fixed in: https://github.com/dtschump/CImg/pull/295
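
The class of bug described above, shown as an added example that is neither CImg's code nor part of the original report. It assumes the unsafe pattern is an unchecked product of header dimensions used as an allocation size; the function names, the constructed header values and the 1 GiB cap are all hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Unchecked pattern (assumed): the product of header fields is computed in
// 32 bits, so it wraps modulo 2^32 and the buffer is smaller than the image.
std::uint32_t unchecked_count(std::uint32_t w, std::uint32_t h,
                              std::uint32_t d, std::uint32_t c) {
    return w * h * d * c;
}

// Checked pattern: reject zero dimensions, test against the cap before each
// multiplication (so the product can never wrap), and return the byte count.
bool checked_bytes(std::uint64_t w, std::uint64_t h, std::uint64_t d,
                   std::uint64_t c, std::uint64_t elem_size,
                   std::uint64_t max_bytes, std::uint64_t &out) {
    const std::uint64_t factors[] = {w, h, d, c, elem_size};
    std::uint64_t total = 1;
    for (std::uint64_t f : factors) {
        if (f == 0) return false;                 // empty or malformed header
        if (total > max_bytes / f) return false;  // total * f would exceed the cap
        total *= f;
    }
    out = total;
    return true;
}

int main() {
    // Constructed header values: 65536 x 65537 wraps to 65536 in 32 bits.
    const std::uint32_t w = 65536, h = 65537;
    const std::uint64_t cap = 1ull << 30;  // 1 GiB, an assumed policy limit
    std::uint64_t bytes = 0;

    std::printf("unchecked element count: %u\n", unchecked_count(w, h, 1, 1));
    std::printf("checked accepts 65536x65537: %d\n",
                checked_bytes(w, h, 1, 1, 1, cap, bytes));
    if (checked_bytes(640, 480, 1, 3, 1, cap, bytes))
        std::printf("checked 640x480x1x3: %llu bytes\n",
                    static_cast<unsigned long long>(bytes));
    return 0;
}
```

A parser that also knows the remaining input length can pass that length as `max_bytes`, so a header cannot claim more pixel data than the file contains.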